04 January 2018

Following the success of the one-day Secure Events and Security Congress in EMEA, (ISC)²’s new look two-day Secure Summits bring multi-subject sessions from hands on practical workshops to keynotes and panel discussions, featuring local and international industry experts to maximise the learning experience and CPE opportunities.

Serving the entire (ISC)² EMEA professional community with five regional events, the Summits offer a wealth of educational value, networking opportunities, and a community forum for likeminded professionals, all of which are FREE to (ISC)² members & (ISC)² Chapter members. Read on for insights from one of our popular Secure Summit UK sessions:

(ISC)² 2017 Secure Summit UK in London saw Mark Stokes, Head of Digital & Electronics Forensics at Metropolitan Police lift the lid on law enforcement in the digital age. From Artificial Intelligence detectives and digital CSI, to training the next generation of cyber Cluedos, he showed how online threats are transforming the nature of UK police work.

Mark began by revealing the scale of investigation into the criminal underworld, with his own force handling 15,000 investigations and 53,000 ‘exhibits’ – from laptops to smartphones – in the past year alone. With a plethora of new IoT devices, such as connected toothbrushes to smart fridges emerging every year, digital forensics investigators are in a constant race against time to find ways to extract evidence from newly released devices they may not even have heard of before.

Mark showed how the problem is being partly solved by transforming front-line police officers into digital detectives, with 64% of mobile phone examinations now being performed by police officers. Crime-scene examiners trained to scour a crime scene for suspicious items that warrant forensic analysis are now being re-trained as cyber-sleuths, able to perform the same role in cyberspace and search for devices and data that warrants forensic analysis. In future, we could even see Artificial Intelligence play a major role in police detective work. AI has already been trained to recognise guns, drugs and pornography among millions of images. Soon, Artificial Intelligence detectives could trawl thousands of files to autonomously identify images of child abuse, removing humans from one of the most distressing tasks in police work.

Yet retaining and analysing this ballooning array of criminal data will require computing power and storage space beyond the capacity of most police forces. When someone is convicted of a crime, data has to be held for 30 years and police pull evidence from thousands of devices every year. As a result, the Met are now planning to outsource the storage, analysis and security of crime data to the cloud. Corporations have the resources to store, analyse and secure data far better than the police. Yet privatising such a crucial element of police work will open up a legal minefield, since it is a crime for private companies to hold illegal material such as child pornography. How can you legally store and secure indecent images in the cloud?

As the rise of a connected society gives the technology giants ever more power, police work will become dependent on private-sector co-operation. In many ways, private companies will now hold the keys to solving crimes. For example, the police walk a tightrope between advising companies to beef up the security of their customers’ devices, and asking them to leave have enough ‘backdoors’ for them to be accessible to police investigators.

This means an enormous amount of what was previously police work will now rely on the help and co-operation of the private sector, yet laws have not currently evolved to deal with this new reality.

This has created a growing need to educate politicians and lawmakers in cybersecurity to ensure our laws keep pace with our technology. It is not just private companies who have a major part to play in combating cyber-crime; citizens must also be helped and encouraged secure their own data and devices just as people are taught not to leave their valuables lying around. Security can no longer be the sole responsibility of corporations or governments; in a connected society.

From educating front-line police officers in how to scour crime-scenes for digital clues and teaching politicians about cybersecurity to working with private companies and private citizens to uphold the law, it is clear that police will have to enlist the help of our whole society in combating cyber-crime.

This will require everyone from politicians to police officers, corporate boards and private citizens to get security training. It will create a new partnership between the police and the people, working together to uphold a common law in cyberspace.

Comments

Following the success of the one-day Secure Events and Security Congress in EMEA, (ISC)²’s new look two-day Secure Summits bring multi-subject sessions from hands on practical workshops to keynotes and panel discussions, featuring local and international industry experts to maximise the learning experience and CPE opportunities.

Serving the entire (ISC)² EMEA professional community with five regional events, the Summits offer a wealth of educational value, networking opportunities, and a community forum for likeminded professionals, all of which are FREE to (ISC)² members & (ISC)² Chapter members. Read on for insights from one of our popular Secure Summit UK sessions:

(ISC)² 2017 Secure Summit UK in London saw Mark Stokes, Head of Digital & Electronics Forensics at Metropolitan Police lift the lid on law enforcement in the digital age. From Artificial Intelligence detectives and digital CSI, to training the next generation of cyber Cluedos, he showed how online threats are transforming the nature of UK police work.

Mark began by revealing the scale of investigation into the criminal underworld, with his own force handling 15,000 investigations and 53,000 ‘exhibits’ – from laptops to smartphones – in the past year alone. With a plethora of new IoT devices, such as connected toothbrushes to smart fridges emerging every year, digital forensics investigators are in a constant race against time to find ways to extract evidence from newly released devices they may not even have heard of before.

Mark showed how the problem is being partly solved by transforming front-line police officers into digital detectives, with 64% of mobile phone examinations now being performed by police officers. Crime-scene examiners trained to scour a crime scene for suspicious items that warrant forensic analysis are now being re-trained as cyber-sleuths, able to perform the same role in cyberspace and search for devices and data that warrants forensic analysis. In future, we could even see Artificial Intelligence play a major role in police detective work. AI has already been trained to recognise guns, drugs and pornography among millions of images. Soon, Artificial Intelligence detectives could trawl thousands of files to autonomously identify images of child abuse, removing humans from one of the most distressing tasks in police work.

Yet retaining and analysing this ballooning array of criminal data will require computing power and storage space beyond the capacity of most police forces. When someone is convicted of a crime, data has to be held for 30 years and police pull evidence from thousands of devices every year. As a result, the Met are now planning to outsource the storage, analysis and security of crime data to the cloud. Corporations have the resources to store, analyse and secure data far better than the police. Yet privatising such a crucial element of police work will open up a legal minefield, since it is a crime for private companies to hold illegal material such as child pornography. How can you legally store and secure indecent images in the cloud?

As the rise of a connected society gives the technology giants ever more power, police work will become dependent on private-sector co-operation. In many ways, private companies will now hold the keys to solving crimes. For example, the police walk a tightrope between advising companies to beef up the security of their customers’ devices, and asking them to leave have enough ‘backdoors’ for them to be accessible to police investigators.

This means an enormous amount of what was previously police work will now rely on the help and co-operation of the private sector, yet laws have not currently evolved to deal with this new reality.

This has created a growing need to educate politicians and lawmakers in cybersecurity to ensure our laws keep pace with our technology. It is not just private companies who have a major part to play in combating cyber-crime; citizens must also be helped and encouraged secure their own data and devices just as people are taught not to leave their valuables lying around. Security can no longer be the sole responsibility of corporations or governments; in a connected society.

From educating front-line police officers in how to scour crime-scenes for digital clues and teaching politicians about cybersecurity to working with private companies and private citizens to uphold the law, it is clear that police will have to enlist the help of our whole society in combating cyber-crime.

This will require everyone from politicians to police officers, corporate boards and private citizens to get security training. It will create a new partnership between the police and the people, working together to uphold a common law in cyberspace.

About the (ISC)² Blog

As the certifying body for more than 125,000 cyber, information, software and infrastructure security professionals worldwide, (ISC)² believes in the importance of open dialogue and collaboration. (ISC)² established this blog to provide a voice to certified members, who have significant knowledge and valuable insights that can benefit other security professionals and the public at large.

The (ISC)² blog gives members a forum to exchange ideas and inspires a safe and secure cyber world by supporting the advancement of the information security workforce via a public exchange with a broad range of information security topics.

Whether an (ISC)² member chooses to participate in the (ISC)² blog is his or her own decision. The postings on this site are the author's own and don't necessarily represent (ISC)²'s positions, strategies or opinions. (ISC)² monitors the blog in accordance with the (ISC)² Blog Guidelines, but the bloggers are responsible for their own content – common sense and intelligence should prevail.

Other than links to the (ISC)² website, (ISC)² does not control or endorse any links to products or services provided in this blog and makes no warranty regarding the content on any other linked website.

Those who post comments to (ISC)² blogs should ensure their comments are focused on relevant topics that relate to the specific blog being discussed. (ISC)² reserves the right to remove any post or comment from this site. Should you find objectionable content in this blog, please notify us as soon as possible at blog@isc2.org